HP-UX Secure Resource Partitions (SRP) A.02.02 Administrator's Guide
----------------------------------------------------------------------
Compartment Configuration (/etc/cmpt/mySRP.rules):
@tag-start compartment="mySRP" template="sshd" service="cmpt" id="1" ;
//
// allow access to the shared sshd files
//
perm nsearch /opt
perm nsearch /opt/ssh
perm nsearch,read /opt/ssh
perm nsearch /var
perm nsearch /var/hpsrp
perm nsearch /var/hpsrp/mySRP
perm nsearch /var/hpsrp/mySRP/opt
perm nsearch /var/hpsrp/mySRP/opt/ssh
perm all /var/hpsrp/mySRP/opt/ssh
//
// add shared rules from the include file at "/opt/hpsrp/etc/cmpt/sshd.srp_incl"
//
#include "/opt/hpsrp/etc/cmpt/sshd.srp_incl"
Compartment: mySRP Template: sshd Service: provision
----------------------------------------------------------------------
SSHD Configuration File:
/var/hpsrp/mySRP/opt/ssh/sshd_config
SSHD Port:
22
SSHD Key Files:
/var/hpsrp/mySRP/opt/ssh/ssh_host_rsa_key
/var/hpsrp/mySRP/opt/ssh/ssh_host_rsa_key.pub
/var/hpsrp/mySRP/opt/ssh/ssh_host_dsa_key
/var/hpsrp/mySRP/opt/ssh/ssh_host_dsa_key.pub
SSHD Pid File:
/var/hpsrp/mySRP/opt/ssh/sshd.pid
SSHD Startup/Shutdown Script:
/var/hpsrp/mySRP/sbin/init.d/secsh
SSHD Provision Script:
/opt/hpsrp/bin/util/sec_sh
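The compartment rules listed above give mySRP only nsearch or read access outside /var/hpsrp/mySRP and grant "all" only inside it. The following added example (not part of the original guide or of the SRP product) checks a rules listing for that property; the function names, the embedded sample text and the treatment of every permission other than nsearch and read as "more than read" are assumptions of the example.

```python
"""Least-privilege audit of an SRP compartment rules listing (added example)."""
import posixpath

# Constructed sample: a subset of the perm rules shown above for "mySRP".
SAMPLE_RULES = '''\
@tag-start compartment="mySRP" template="sshd" service="cmpt" id="1" ;
// allow access to the shared sshd files
perm nsearch /opt
perm nsearch,read /opt/ssh
perm nsearch /var/hpsrp/mySRP/opt
perm all /var/hpsrp/mySRP/opt/ssh
#include "/opt/hpsrp/etc/cmpt/sshd.srp_incl"
'''

# Assumption: only nsearch and read are treated as non-modifying; any other
# permission token (such as "all") is treated as granting more.
READ_ONLY = {"nsearch", "read"}


def parse_rules(text):
    """Return (perm_rules, includes); perm_rules is a list of (perms, path)."""
    rules, includes = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("//") or line.startswith("@tag-"):
            continue  # blank line, comment, or tag marker
        if line.startswith("#include"):
            includes.append(line.partition(" ")[2].strip().strip('"'))
            continue
        fields = line.split()
        if len(fields) == 3 and fields[0] == "perm":
            # normpath collapses "..", so /x/mySRP/../other is judged as /x/other
            rules.append((set(fields[1].split(",")), posixpath.normpath(fields[2])))
    return rules, includes


def audit(text, srp_name, srp_root="/var/hpsrp"):
    """Flag rules granting more than nsearch/read outside the SRP's own tree."""
    home = posixpath.join(srp_root, srp_name)
    rules, includes = parse_rules(text)
    findings = []
    for perms, path in rules:
        inside = path == home or path.startswith(home + "/")
        if perms - READ_ONLY and not inside:
            findings.append((path, sorted(perms - READ_ONLY)))
    # Included files add rules this listing does not show; review them too.
    return findings, includes
```

An empty findings list means every broad grant stays under the compartment's own directory; each file named in the returned include list needs the same review.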
Step 7: Starting the SRP Compartment
To start an SRP compartment, enter the following command:
srp -start srp_name
The srp utility starts the SRP compartment by setting the SRP state to Started and executing the
initialization scripts in the /var/hpsrp/srp_name/sbin/init.d subdirectories.
# /opt/hpsrp/bin/srp -start mySRP